ef6805c25b5a2f877bc96e021971597e.exe

The executable ef6805c25b5a2f877bc96e021971597e.exe has been detected as malware by 33 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal your sensitive information.
MD5:
0a9c6e94ff8117a74f06e4386b7f1563

SHA-1:
8ba640bba71811cbe9424b64ed38994203162e8c

SHA-256:
439774212cc0f0da0cd91a65814575b75e089ed3c2f392e81c081e61453b61e7

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/27/2024 4:08:31 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Gen
2013.09.14

Avira AntiVirus
TR/Agent.44544218
7.11.102.124

avast!
MSIL:Agent-ANE [Trj]
2014.9-131227

AVG
MSIL
2014.0.3613

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.131227

Bitdefender
Trojan.Generic.KDZ.1629
1.0.20.1805

Comodo Security
TrojWare.MSIL.Bladabindi.O
16937

Dr.Web
Trojan.DownLoader7.47122
9.0.1.0361

Emsisoft Anti-Malware
Trojan.MSIL.Bladabindi
8.13.12.27.06

ESET NOD32
MSIL/Bladabindi (variant)
7.8798

Fortinet FortiGate
MSIL/Agent.PPP!tr
12/27/2013

F-Prot
W32/MSIL_Troj.AP.gen
v6.4.7.1.166

F-Secure
Trojan.Generic.KDZ.1629
11.2013-27-12_6

G Data
Trojan.Generic.KDZ.1629
13.12.22

IKARUS anti.virus
Trojan.Msil
t3scan.2.0.127

K7 AntiVirus
Riskware
13.172.9576

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.4559

Malwarebytes
Trojan.MSIL
v2013.12.27.06

McAfee
Trojan-FAUE!0A9C6E94FF81
5600.7269

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi.AA
1.163.1557.0

MicroWorld eScan
Trojan.Generic.KDZ.1629
14.0.0.1083

NANO AntiVirus
Trojan.Win32.Gen8.bhtrix
0.26.0.54404

Norman
Troj_Generic.HPJKR
11.20131227

nProtect
Trojan/W32.Agent.44544.TZ
13.09.13.03

Panda Antivirus
Generic Malware
13.12.27.06

Quick Heal
Backdoor.Bladabindi.A3
12.13.12.00

Rising Antivirus
Backdoor.Bot!4E4F
23.00.65.131225

Sophos
Mal/MSIL-FE
4.91

SUPERAntiSpyware
Trojan.Agent/Gen-MSIL
10882

Trend Micro House Call
TROJ_SPNR.07E913
7.2.361

Trend Micro
TROJ_SPNR.07E913
10.465.27

Vba32 AntiVirus
Trojan.MSIL.Disfa
3.12.24.2

VIPRE Antivirus
Trojan.MSIL.Bladabindi.f
21460

File size:
43.5 KB (44,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\ef6805c25b5a2f877bc96e021971597e.exe

File PE Metadata
Compilation timestamp:
1/15/2013 7:17:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:+mldD8unm9lSQwSjErK9mTN20n5s1f6HFjH+eqvtG1eNM519l6Nnk7bHCCjPka2b:fOmwtW5Cif364HCCrk

Entry address:
0xC50E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

User Start Menu Item
Name:
ef6805c25b5a2f877bc96e021971597e.exe

